Get better security with thin clients and fat files

DATA IS so chronically portable that you can walk around with 20 to 40GB of SD memory cards stuffed into your wallet and still have room for your ID and a couple of bucks.

There is, of course, the little matter that the SD standard has now been "broken" by the SD High Capacity (SDHC) card so that we can put between 4 to 32GB onto a postage stamp and require all new SDHC readers, but what's a little obsolesce between friends. SDHC users a SD FAT 32 file system, while "legacy" (i.e. pretty much everything out there now, including the SD slots in my laptop, desktop, and one of the cameras in the household) are FAT 16 file system. But I digress…

It's a point that's got the U.S. Government in a quandary, because they want to hire the best and brightest and younger to get fresh IT blood into three-letter agencies. Today's iPodded youth get grumpy when you ask them to empty their pockets of their MP3 players, cell phones with hundreds of MB of flash storage, and other consumer electronic devices loaded with flash before walking into a SCIF (A Sensitive Compartmented Information Facility).

Even ignoring that, there's the little matter of too many people wanting to load databases chock full of personal information for their own little private projects. Mostly older IT guys that have been out of the sunshine way too long and should have taking a vacation down to Disneyworld about 10 years ago.

Some organisations, such as law firms, decided that they needed a balance between access control and total access. They like the idea of the corporate wage slave being able to work at all hours of the day, but don't approve of the idea that sensitive information can be simply schlepped onto a laptop and walked out the door.

Instead, employees are issued with a company PC equipped with the latest 3G-esque card, plenty of security software, and a thin client to access the company server(s). No chance for large downloads either within the perimeter of the corporate firewall or outside of it. Everything is accessed through a thin client, with data presented and edited through it, so people can do e-mail, calendaring, and accessing whatever databases they need to for looking up information - but not downloading it.

You can forget about FTP in these scenarios, because it's been either disabled or rigged so that any attempts to download anything more than a PowerPoint or two in one session will result in unforeseen results. Attempts to download a large chunk of the corporate database or a subset via query and suddenly things start to s-l-o-w d-o-w-n after a particular download limit has been crossed, along with alarm bells and beepers going off.

An innocent 40 to 50MB database may be fattened up before FTP transfer into an unreadable 450MB file, regardless of who you are in the firm - assuming the IT guy hasn't planted a backdoor in the system, but that's a different story for another day. µ